package com.cy.jt.security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ResourceController {
 @PreAuthorize("hasAuthority('sys:res:create')")
 @RequestMapping("/doCreate")
 public String doCreate(){
  return "add resource";
 }
 @PreAuthorize("hasAuthority('sys:res:update')")
 @RequestMapping("doUpdate")
 public String doUpdate(){
  return "update resource";
 }
 @PreAuthorize("hasRole('jinpai')")
 @RequestMapping("/doDelete")
 public String doDelete(){
  return "delete resource";
 }
 @PreAuthorize("hasAuthority('sys:res:retrieve')")
 @RequestMapping("/doRetrieve")
 public String doRetrieve(){
  return "retrieve resource";
 }

 @GetMapping("/doGetUser")
 public String doGetUser(){
  Authentication authentication=SecurityContextHolder.getContext().getAuthentication();
  User principal=(User)authentication.getPrincipal();
  System.out.println(principal.getClass());
  return principal.getUsername()+""+principal.getAuthorities();
 }
}
